CVE-2017-6884

Basic Information

CVE State
PUBLISHED
Reserved Date
March 14, 2017
Published Date
April 06, 2017
Last Updated
February 04, 2025
Vendor
n/a
Product
n/a
Description
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2023-09-18 00:00:00 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2023-09-18 00:00:00 UTC